On Tue, 24 Jul 2007 07:44:28 -0500, McKown, John <[EMAIL PROTECTED]> wrote:
>> -----Original Message----- >> From: IBM Mainframe Discussion List >> [mailto:[EMAIL PROTECTED] On Behalf Of Carroll, William >> Sent: Tuesday, July 24, 2007 7:40 AM >> To: IBM-MAIN@BAMA.UA.EDU >> Subject: Secure clist >> >> >> Is there any way to secure certain clist from unauthorized use? >> For example if I don't want applications to get into the wlm, >> Application, how would I do it? If it can be done. >> Thanks In Advance. >> > >The only way that I know if is to put the secured CLISTs in a separate >library, then use your security product (RACF, ACF2, TSS, ...) to make >that library readable only by authorized people. I know ACF2 can do command limiting, but I don't recall if it works for CLISTs. Even if it does, it probably only works if you issue the clist (command) without a percent sign or maybe even with a percent sign, but not if you invoke it by ex 'library.name(clist)'. > This also means that >you must have some sort of "start up" CLIST (or REXX) which determines >which libraries to allocated to SYSPROC and/or SYSEXEC. > No, just remove hlq.SBLS* from all logon procs and logon clists, protect the libraries (or at least hlq.SBLSCLI0) and create a WLM invocation clist. With WLM, if you use SYS1 as your HLQ, you don't even need to use LIBDEF. You can just have your panel option for WLM (or invocation clist) use the one WLM provides: EXEC 'SYS1.SBLSCLI0(IWMARIN0)' Here's where Tom jumps in with his dynamic ISPF pitch... Mark -- Mark Zelden Sr. Software and Systems Architect - z/OS Team Lead Zurich North America / Farmers Insurance Group - ZFUS G-ITO mailto:[EMAIL PROTECTED] z/OS and OS390 expert at http://searchDataCenter.com/ateExperts/ Systems Programming expert at http://expertanswercenter.techtarget.com/ Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
